[Gllug] Someone is using the broadcast address!!
Hong Chyr
hongchyr at yahoo.co.uk
Fri Oct 12 06:44:26 UTC 2007
Guys
This is not a Linux-specific question, but here's the story:
I'm helping a friend troubleshoot this strange problem. He manages a
network that is extremely chaotic and virus ridden. One particular IP
address is identified as the major source of attack, 10.104.3.255. This
device is using the broadcast address and seems to be knocking on
everyone's doors to propagate worms.
If we ping the address, another IP address will respond in its place.
Question now is, how can we trace the IP to the machine? To add to the
difficulty, none of the switches are managed, i.e., there's no packet
statistics to identify which port is flooding the network.
Any ideas?
Hong
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug